//package project.filter;
//
//import io.jsonwebtoken.Claims;
//import io.jsonwebtoken.JwtException;
//import org.springframework.beans.factory.annotation.Autowired;
//
//import org.springframework.security.authentication.AuthenticationManager;
//import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
//import org.springframework.security.core.context.SecurityContextHolder;
//import org.springframework.security.web.AuthenticationEntryPoint;
//import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
//import org.springframework.stereotype.Component;
//import project.model.User;
//import project.service.UserService;
//import project.utils.JwtUtils;
//
//import javax.servlet.FilterChain;
//import javax.servlet.ServletException;
//import javax.servlet.http.HttpServletRequest;
//import javax.servlet.http.HttpServletResponse;
//import java.io.IOException;
//import java.util.Collections;
//
//@Component
//public class JwtAuthorizationFilter extends BasicAuthenticationFilter {
//    @Autowired
//    JwtUtils jwtUtils;
//    @Autowired
//    UserService userService;
//
//    public JwtAuthorizationFilter(AuthenticationManager authenticationManager) {
//        super(authenticationManager);
//    }
//
//
//    @Override
//    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws  ServletException, IOException {
//        String jwt = request.getHeader(jwtUtils.getHeader());
//        // 这里如果没有jwt，继续往后走，因为后面还有鉴权管理器等去判断是否拥有身份凭证，所以是可以放行的
//        // 没有jwt相当于匿名访问，若有一些接口是需要权限的，则不能访问这些接口
//        if (jwt == null || "null".equals(jwt)) {
//            chain.doFilter(request, response);
//            return;
//        }
//        Claims claim = jwtUtils.getClaimsByToken(jwt);
//        if (claim == null) {
//            throw new JwtException("token 异常");
//        }
//        if (jwtUtils.isTokenExpired(claim)) {
//            throw new JwtException("token 已过期");
//        }
//        String username = claim.getSubject();
//        // 获取用户的权限等信息
//        User user=userService.selectByName(username);
//        // 构建UsernamePasswordAuthenticationToken,这里密码为null，是因为提供了正确的JWT,实现自动登录
////        UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(username, null, userDetailService.getUserAuthority(sysUser.getId()));
////        SecurityContextHolder.getContext().setAuthentication(token);
//        // 修改后的代码（权限传空）
//        UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
//                username,
//                null,
//                Collections.emptyList() // 权限置空
//        );
//        SecurityContextHolder.getContext().setAuthentication(token);
//        chain.doFilter(request, response);
//    }
//
//}
